Tag Archives: validation

Are your regular expressions anchored?

I recently found a SQL injection vulnerability in a J2EE app where a request parameter is used to construct a dynamic JDBC query via string concatenation. When I discussed the issue with the developer, he said something to the effect of “Wait, I’m validating this field against a white list like our standards say, what’s [...]